<?php
/**
 * Show employee information function
 *
 * Return employee profile information
 *
 * @author Dawid Marciniak <dawidm@gmail.com>
 */
include_once 'UTerrorcode.php';
include_once 'UTcheckAuth.php';
include_once 'UTDbglobal.php';
/**
 * @param $userName string
 * @param $userPass string
 * @param $targetUser string
 * @return array|void
 */
function showEmployeeInfo($userName,$userPass,$targetUser)
{
	global $dbaddress;
    global $dbuser;
    global $dbpassword;
    global $dbdatabasename;
	
	//declare output and auth success/fail var, error code generated throughout
	$output = array();
	$auth = 0;
	
	if (checkAuthentication($userName, $userPass) == true) {
		$conn = mysqli_connect($dbaddress,$dbuser,$dbpassword,$dbdatabasename);
		$sql = "SELECT empID FROM paradigmshift_dev.account WHERE accName = '$targetUser'";
		$result = mysqli_query($conn, $sql);
		$row = mysqli_fetch_row($result);
		$empID = $row[0];
		
		if ($row == NULL) {
			$error = 300 + ErrorCode::failRead;
		} elseif ($userName == $targetUser){//no more auth needed
			$auth = 1;
		} else {
			//check if user is manager
			$sql = "SELECT empID FROM paradigmshift_dev.account WHERE accName = '$userName'";
			$result = mysqli_query($conn, $sql);
			$row = mysqli_fetch_object($result);
			$managerID = $row->empID;
			
			$sql = "SELECT empStatus FROM paradigmshift_dev.employees WHERE empID = '$managerID'";
			$result = mysqli_query($conn, $sql);
			$row = mysqli_fetch_object($result);
			$empStatus = $row->empStatus;
			
			if ($empStatus == 'Manager') {
				$auth = 1;
			} else {
				$error = ErrorCode::authFailRead;
			}
		}
		
	} else {
		$error = ErrorCode::authFailRead;
	}
	
	if ($auth == 1) {
			$sql = "SELECT * FROM Employees WHERE empID = '$empID'";
			$result = mysqli_query($conn, $sql);
			if (!$result) {
				$error = ErrorCode::sysError;
			}
			$outty = mysqli_fetch_array($result);
			$error = ErrorCode::successRead;
				
			$msg = $outty[1] . $outty[2] . $outty[3] . $outty[4] . $outty[5] . $outty[6] . $outty[7] . $outty[8] . $outty[9];
			$hashMsg = hash('md5', $msg);
			
			$output[0]=$outty;
	}
	//append error code to start of code
	array_unshift($output, $error);
	if ($auth == 1) {
		$output[] = $hashMsg;
		$output['hash'] = $hashMsg;
	}
	return $output;
}